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METHOD AND SYSTEM FOR MANAGING COOKIES ACCORDING 



TO A PRIVACY POLICY 



TECHNICAL FIELD 



The present invention generaJly refers to management of cookies in data 
processing systems, and in particular to confirming user acquaintsmce of 
cookie associated privacy policies in such systems. 



The usage of Internet has increased tremendously in the last few years and 
has now become everyman's tool. Basically, Internet is a set of computer 
networks joined together by means of gateways handling data transfer and 
using different protocols specifying how data can be sent and received. 

Today, several different applications are available for the users of Internet, 
such as using Internet as an information database, communication with 
other users by means of email, chat and instant messages. Also commerce is 
conducted on Internet with several companies offering products and services 
online and banking institutions allowing their customers to perform different 
transactions and payments over the Internet. 

The currently most commonly employed method of transferring data over the 
Internet is to use the World Wide Web (W3), or simply the Web, although 
other information transferring resources exist, e.g. File Transfer Protocol 
(FTP) and Gopher. In this Web environment, servers and user equipment, 
such as a computer or mobile station, uses the Hypertext Transfer Protocol 
(HTTP) for handling the transfer of data files. The information in these data 
files is formatted for presentation to a user in a standard page description 
language, the Hypertext Markup Language (HTML) and its counterparts for 
the Mobile Internet, i.e. using thin clients, e.g. mobile user equipment sind 
units, extensible HTML (XHTML) and Compact HTML (CHTML). In order to 
locate a server or a Web resource on the Internet, a Universal Resource 
Location (URL) is used. URL provides a universal, consistent method for 
finding and accessing resources. In order to access a resource, the user 
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typically uses a Web browser. In a iypical resource requesting scenario, the 
user requests a resource by clicking on a link or by entering information 
with a keyboard. The browser catches the information and translates it into 
an HTTP request. The browser then forwards this HTTP request to the Web 
server of the resource or content provider. Once the server has processed the 
request, it sends back a response to the browser. The browser translates this 
response to a human-readable format and presents it to the user. In this 
request-response scenario, the interface between the user and the browser is 
the standardized language HTML pCHTML/CHTML). Between the browser 
and the server the commimication protocol HTTP is used. 

In the scenario above, when the Web seiver returns the HTTP response 
object to the user (to the user's browser) it may also send a piece of state 
information, called a cookie, in the HTTP protocol header. A cookie may be 
transient, i.e. will only persist while a current browser session is open, or 
persistent. A persistent cookie is, once it is received by the browser, stored 
on the user equipment and will remain available even if the user closes the 
browser. Once a cookie is sent to user equipment, the server expects the 
cookie to be returned (replayed) in the HTTP header of subsequent messages 
sent from the browser to the server. Such a cookie inclusion in the HTTP 
header of messages from the browser is done without the user's awareness. 

Cookies are useful tools for creating user-friendly Web applications because 
they provides a way for storing user preferences and information so users do 
not have to redo tasks, such as registering on a company's Web site. For 
^cample, a shopping application can store information (in a ''shopping bag'') 
about the currently selected items. 

However, the storage of a cookie may be an unauthorized stor^e of data on 
another user's equipment (computer or mobile unit). In addition, the cookie 
could be used for tracking the user and his/her requests for information 
from server sites without the user's knowledge or permission. 
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A solution to the user privacy problems with cookies could be that the 
browser rejects storage of cookies on the user equipment. Browsers lypically 
accept all cookies as default, but often may be configured for disabling the 
cookie acceptance entirely. A problem with such a solution is that some Web 
sites may not function properly when the acceptance of cookies is disabled 
by the browser. Thus, the user may not be able to access such Web sites 
without having cookies accepted by the browser. 

In order to enable Web sites to express privacy practices, e.g. regarding their 
usage of cookies, in a standard form the Platform for Privacy Preferences 
Project (P3P) was launched in 1997, Regarding cookies, P3P specifies that a 
cookie that is to be included in the HTTP header and transmitted from a 
content provider to user equipment should be accompanied by or associated 
with a privacy policy. Such a policy typically specifies information about the 
company setting or providing the cookie, how the cookie is used by the 
company, etc. 

US Patent Application US 2002/0156781 A2 discloses a method and 
apparatus for managing cookies in a computer system. Cookies are received 
during a browser program session. The cookies are only stored in a 
temporary data store within the computer system for a duration of the 
browser program session. The cookies stored in the temporaiy data store 
may be displayed in response to a signal to terminate the session. Cookies 
are then selectively stored in a persistent storage based on user input. 

SUMMARY 

Although according to the Platform for Privacy Preferences Project (P3P) 
recommendations, a privacy policy describing the usage of cookies is 
transmitted to the user equipment this does not per se guarantees that the 
user actually has acquainted the poliQr. Thus, none of the prior art solutions 
provide a mechanism for the cookie setting content or resource provider to 
know that the user indeed has surveyed the privacy policy. 
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The present invention overcomes these and other drawbacks of the prior art 
arrangements. 

It is a general object of the present invention to enable a content or resource 
provider to know that a user has acquainted a privacy policy associated with 
a resource requested by the user. 

It is another object of the invention to provide a requested resoxorce from a 
content provider to a user in response to a privacy policy receipt specifying 
whether the user accepts a privacy policy associated with the resource. 

Yet another object of the invention is to provide a possibility for a user to 
specify how a content provider should manage personal data and cookies. 

A further object of the invention is to provide methods, devices and systems 
well adapted for usage in a P3P agreement procedure. 

These and other objects are met by the invention as defined by the 
accompanying patent claims. 

Briefly, the present invention involves a user requesting a cookie-associated 
resource from a content provider over a network, such as Internet. The 
resource could be a Web page, video, picture or audio file that, upon delivery 
to the user's user equipment (e.g. computer or mobile \mit), is accompanied 
by a set-cookie command, i.e. a cookie is provided and stored on the user 
equipment. In response to the request, a user agent associated with or 
provided in the user equipment receives a privacy policy from the content 
provider. The policy includes the content provider's policy regarding usage of 
cookies and privacy data in connection with the resource or service that the 
user has requested, e.g. during a P3P agreement procedxire. The user agent 
then generates a cookie receipt specifying whether the user accepts the 
privacy policy and, thus, accepts that the content provider sets a cookie on 
his/her user equipment. The receipt is then transmitted to the content 



wo 2004/006130 




PCT/SE2003/001067 



5 



provider, which provides the requested resotirce and sets a cookie if the 
receipt is positive or provides a cookie-less version, if available, to the user 
equipment in case of a negative cookie receipt. 

The invention is well adapted for usage in a P3P agreement procedure. Such 
procedure, generally starts with the user desiring a resource from a content 
provider, e.g. by clicking on a link on a Web site or entering an Universal 
Resoxirce Location (URL) of the resource on a Web browser on his/her user 
equipment. An associated user agent then requests a privacy policy reference 
file from the content provider. The reference is a file that ties privacy polices, 
including policies of management of cookies, to the resources and services 
provided by the content provider. When the user agent receives the 
requested reference from the content provider it identifies the URL of the 
privacy policy file associated with the desired resoiirce. A request policy 
message is then transmitted to the content provider that transmits the 
privacy policy file. The user agent cotild then display the privacy policy for 
the user by means of a viewer and a screen of the user eqmpment. In 
addition, the user is urged to either accept or reject, e.g. by clicking on a 
button or entering some input data, the policy. 

Alternatively, the user agent coiild have access to user preferences, a 
document specifying a set of rules of managing privacy data, including 
cookies, which the user has accepted. The user agent then compares the 
received privacy policy file with the preferences. If the policy fulfills the user 
preferences a positive cookie receipt is generated, whereas a negative receipt is 
generated if the privacy policy does not fulfill or match the preferences. Hie 
receipt is then preferably included in the HTTP (Hypertext Transfer Protocol) 
header of a get resource messs^e transmitted from the user agent to the 
content provider. 

In case of a positive receipt, the user agent also replays (provides) any cookies 
already stored on the user equipment and being associated with the presentiy 
requested resource. However, if the receipt is negative, any such stored and 
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resource-associated cookies are preferably removed from the user equipment. 
In addition, if the content provider (fraudulently) sets or provides a cookie, in 
spite of the receipt specifying that the user rejects setting cookies on his/her 
computer, any such set-cookie command is ignored by the user agent. 

The user agent could be implemented in software, hardware or a combination 
thereof in the user equipment, e.g. in the Web browser of the user equipment. 
Alternatively, the agent coiold be provided as a plug-in for the browser. Also a 
user agent arranged elsewhere, e.g. in a proxy server, is possible. In such a 
case, any user preferences coxild be stored in the server together with the user 
agent. The proxy server could then manage P3P agreement procedures on 
behalf of several different users. The server is preferably provided by a third 
party, to which the user has a service agreement (subscription), e.g. a network 
operator or service provider in case of mobile user equipment. 

The invention offers the following advantages: 

Provides mechanism enabling content providers to know that a user has 
acquainted a privacy policy associated with a requested resource; 
Allows users opportunity to accept or reject a content provider's policy 
regarding usage of cookies and privacy data before a cookie is set; and 
Is well adapted for usage in a P3P agreement procedxire for providing 
resoiarces from content providers to users over Internet. 

Other advantages offered by the present invention will be appreciated upon 
reading of the below description of the embodiments of the invention. 

SHORT DESCRIPTION OF THE DRAWINGS 
The invention together with further objects and advantages thereof, may best 
be imderstood by making reference to the following description taken 
together with the accompanying drawings, in which: 

Fig. 1 is a schematic overview of an example of a data processing system 
according to the present invention during a P3P agreement procedure; 
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Fig. 2 is a block diagram of an embodiment of a user agent according to the 
present invention; 

Fig. 3 is a block diagram of another embodiment of a user agent according to 
the invention; 

Fig. 4 is an illustration of an embodiment of user equipment to which the 
teaching of the present invention can be applied; 

Fig. 5 is an illustration of another embodiment of user equipment to which 
the teaching of the present invention can be applied; 

Fig. 6 is a block diagram of an embodiment of a content provider according 
to the present invention; 

Fig. 7 is a flow diagram of a cookie managing method according to the 
present invention; 

Fig. 8 is a flow diagram illustrating the receipt-generating step of Fig. 7 in 
more detail; 

Fig. 9 is a flow diagram illustrating an additional step of the cookie 
managing method according to the present invention; 

Fig. 10 is a flow diagram illustrating additional steps of the cookie managing 
method according to the present invention; and 

Fig. 1 1 is a flow diagram of a resource providing method according to the 
present invention. 
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DETAILED DESCRIPTION 
Throughout the drawings, the same reference characters will be used for 
corresponding or similar elements. 

In the last years the privacy and security awareness of computer users and 
those that are employing the Internet has increased tremendously and is 
today a prime issue for many users. For example, with today's technique it 
may be possible to map a user's Internet application pattern, i.e. registering 
the Web sites he/she frequently visits, by using a state object, a cookie, 
specifying, among others, the Universal Resource Locations (URLs) of the 
Web sites the user has visited. Many users find this violating his/her 
privacy, which might lead to consequences for how they will use the Internet. 
In many countries these privacy issues have been discussed thoroughly and 
the demands on the content providers, i.e. those providing Web sites and are 
setting cookies, have increased. For example, it has been suggested that a 
content provider is not allowed to set a cookie without first providing a 
cookie privacy policy, informing the user about the cookie and how it is used 

111- 

The present invention provides means for enabling a content provider to 
know that a user actually has acquainted the provided privacy policy and 
thus has accepted, or rejected, that cookies may be set. 

The present invention is well adapted for use in the Platform for Privacy 
Preferences Project {P3P), but not limited thereto. P3P provides, e.g. means 
for Web sites to express their privacy practices, including usage and 
management of cookies, in a standard format that can be easily interpreted 
by users, allowing the content providers to inform, the users about the site 
practices. Thus, P3P provides a mechanism for ensuring that users can be 
informed about privacy policies before they release personal (privacy) 
information. Further information regarding P3P and user privacy can be 
foimd in [2, 3]. 
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T^e present invention will now be disous'sed with «fe«noe to ^J^^ ^^^^^ 
procedure in connection to the data processing system of m- 1- The P3P 
U^ent concerns the privacy p^ces of pnMding a reso^ a 
Intent or service provider 200 to a user's user ^^^^^^l^ 
network, such as the Internet In this connection, a resource » a network da^ 
:i ^ service that can be identiiied by a URL. e.g. a Web site or page, vdeo. 
picture, audio file, etc. 

I„ the following the resour^ is identified as a resource assodated v^ a 
cookie. AS the pe«on skiUed in the art knows, once such a -o^^™^ 
^source is provided to a user equipment 300. the content provider 200 
Zditionany also provides or seU a ,persis<»nt, cookie in «^---— ^ 
300. More infonnation about cookies and setting cookies can be found m 

e Wo 1 includes in addition to the user 
The data processing system of Fig. 1 mcludes. m _ . _ 

e^pment 300 and content provider 200. a u^ agent 100^ u^^^* 

100 mediates interactions with the con^nt provider 200 on beha^ of the us^^ 

I agent 100 may be implemented in the user e<^pment 300. e.g^m *e 

web Iwser of the user equipment 300. provided as a plug-m to the Web 

Lwser of the user equipment 300. Alternatively, the agent "0 could b= 

Jplemented in a pro:<y server, located elsewhere, which is discussed m mon= 

detail below. 

the P3P agreement procedure generally starts when a user re<raests a cookie, 
ine roiT x- Vw rlickinc on a link on a 

associated resouroe from a content provider 200. e.g. bsr dickmg o 

web site presented on the Web browser of the user 

entering, using a keyboard or similar user input ^^^^^^^ J^^ 
„souroe on the Web browser. The user agent 100 asso«ated wrth the us«- s 
U^Lluipment 300 tr— . in response to the r^uroe re<iues^ a re<^^t 
Tfor a priva^ PoUcy reference me associated with the UKL of the^i^ 
associated r^souroe. This reference me states ^^^^^^ f^^^. 
sometimes poUcies that apply to a specific resource (URL or set of URM 
^ by the content provider 300. hi other words, the poU^ «ference ffle 
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is used to associate P3P priva<qr polices with certain r^ons of URI^space of a 
content provider 300. The poUcy «fer«>ce file is an extensible Markup 
Language (XML) with namespaces file that can specify the privacy policy for a 
. single Web site, portion thereof or several sites. The reference file typK=aU r 
specifies the URL where a poUcy file is found, URLs or regions of URL-space 
covered (and/or not covered) by the poUcy. cookies that are (and/or are not) 
covered by the poUcy, etc. The poUcy reference file is preferably located m a 
predefined "weU-known" location, but a document could indicate the locabon 
of the poUcy reference file through an HypeT«rt Markup Language (HTML 
link tag. extensible HTML (XHTML) link tag or an Hypert-ext Transfer Protocol 
(HTTP) header. 

The preferred predefined known location of a poUpy reference file is available 
on a site at the pa& /w3c/p3p.Kml. Thus, if the domain of the requested 
resource is www.werespec^ou.com the reference file is found on 
www.werespec,you.com/w3c/p3p.Kml. In such a case, the user agent 100 
identifies the domain of the requested cookie-associated resource and adds 
the suffix (/W3c/p3p.xml) to get the location of the reference file. 

Alternatively, or in addition, any document retrieved by HTTP may point to a 
poUcy refe.x=nce file though the use of a P3P response header. In such a case 
the HTTP header could include this extra information: 

P3P:poUcyref-nit*-.//www.werespeciyou.com/P3P/PoUcyRefeiences.xml" 

The user agent 100 then identifies the URL of the reference file ftom such an 
HTTP header in a document transmitted firom the content provider 200 to the 
user a«ent 100. A further possibiKty is to indicate the location of ttie relevant 
P3P poUcy reference file with an embedded HTML/XHTML link tag. An 
3 0 example of the link tag is: 

<linkrel="P3Pvl'' 

href=»http:/ /www.werespectyou.com/P3P/PoUcyReferences.xml > 



wo 2004/006130 



11 



PCT/SE2003/001067 



In such a case, toe user agent 100 identifies toe URL of toe reference file fa.m 

the tag. 

Once, the user agent 100 has identifxed the URL of tixe reference ffle, from the 
well-known location, HTTP header and/or HmL/XHTML link tag, it requests 
the poHcy reference file 400, typically, from the content provider 200 The 
requested reference file 410 is then provided to the user agent 100. Herebelow 
follows an example of such a policy reference file: 

<MKtA xmlns='lattp.//www.w3.org/2002/01/P3Pvr> 
<POLICY-REFERENCES> 
<EXPIRY max-age=''86400''/> 



<POLICY-REF about=T3P/defaulU5olicy.xml''> 

<INCLUDE>/*</INCLUDE> 
<EXCLUDE>/re^ster/index.html</EXLUDE> 

</POLICY-REF> 

<POLICY-REF about=''P3P/ register_poUcy .xml''> 
<INCLUDB>/register/index.html</INCLUDE> 

<COOKIE-INCLUDE/ > 
</POUCY-REF> 

<POLICY-REF about=»P3P/cookiej)olicy.xml''> 

<COOKIE-INCLUDE>/info/*</COOKIE-INCLUDE> 

</POLlCY-REF> 

< /POUCY-REFERENCES> 
</META> 

The r^cr^c ffle e«anple above indicates that aU toe cookies set by toe 
/register/inde..htnd page vrill be described in toe register_poUcy.Kml pnvacy 




wo 2004/006130 PCT/SE2003/001067 

policy file whereas all the cooldes set 4 the /tafo/- part of the site will be 
described by the coolde_poUcy^ privacy poUcy file. More information about 
reference files can be found in [2, 3]. 

The user ^ent 100 then identifies the P3P privacy poUcy associated with the 
desired cookie-associated resource from the reference file, or the cookie 
privacy poUcy associated with the resource, if the cookie policy is provided as 
an extra poUcy file. P3P privacy poUdes use an XML with namespaces 
encoding of the P3P vocabulary to WicaUy provide contact information for the 
legal entity (content provider 200) making the representation of privacy 
practices in a poUcy, enumemte the types of data or data elements coUected 
and explain how the data wiU be used. Thus, a (cookie) privacy policy 
preferably covers any data that is stored in the cookie or linked via the cootae. 
The poUcy further preferabty reference all purposes associated with data 
stored in the coolde or enabled by the cookie. Also any data/purpose stored or 
imked via the cookie should be found in the cookie privacy poUcy. In addition, 
if the linked data is collected by HTTP then the poUcy that covers the get or 
fetch request should also cover the data collection. For example, when 
WeRespectYou asks customers to fill out a form with their name, billing and 
shipping information, the P3P privacy poUcy that covers the form submittal 
should disclose that WeRespectYou coUects this data and explain how it is 
used. If WeRespectYou sets a cookie so that it can recognize its customers and 
observe their behavior on its Web site, it should have a separate poHcy tor this 
cookie. However, if the cookie U also linked to me user's name, billing and 
shipping information, perhaps so WeRespectYou can generate custom 
catalogue pages based on where the customers live, then that data should also 
be disclosed in the cookie privacy poUcy. 

once, the relevant privacy poUcy is identified, the user agent 100 requests the 
poUcy file 420 based on the URL of the poUcy as fcund in the poUcy reference 
file, -me requested poUcy 430 is then provided to the user agent 100. A typical 
example of a privacy poUcy dealing with cookies is found herebetow: 
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<POUCIES xmlns'-'http:/ /www.w3.org/2002/01P3Pvr> 
<POLICY naine="forShoppers" 

discuri="http://^vww.werespectyou.a)m/Privacy/Pri^^ 

xml : lang=''en''> 
<ENTITY> 

<DATA-GROUP> 
<DATA ref=''#business.naine">WeRespectYou</DATA> 
<DATA ref=''#businessxontact-info.postal.streer>23 St Street</DATA> 
<DATAref=''#busmessxontact-mfo.postalxity->Birminghain</DATA> 
<DATAref=»#business.contact-info.postal.stateprov">MI</DATA> 
<DATAref=''#business.contact-info.postal.postalcode''>48009</DATA> 
<DATAre^''#business.contact-info.postal.countiy'>USA</DATA> 
<DATAref=^#business.contact-iirfo.online.einafl=»mai3^^ 

<DATA ref="#business.contact- 
info.telecom.telephone.intcode''>l</DATA> 

<DATA ref="#busmess.contact- 
info.telecom.telephone.loccode''> 123</DATA> 

<DATA ref=''#business.contact- 
info.telecom.telephone.nummei->123456</DATA> 

</DATA-GROUP> 
</ENTITy> 

<ACCESS><contact-aiid-other/></ACCESS> 

<DISPUTES-GROUP> 
<DISPUTES resolution-type='*independent" 
service="http: / / www.PrivacySeal.example.orgf 
short-description-''PrivacySeal.example.or^> 
<IMG src=»http:/ /www.PrivacySeal.org.exainple.org/Logo.gir 

alt^'PrivacySeal's logo''/> 

<REMEDIES><correct/ ></REMEDIES> 

</DISPUTES> 
< /DISPUTE-GROUP> 
<STATEMENT> 
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<CONSEQUENCE> 
We tailor oiar site based on yoxir past visits. 
< / CONSEQUENCE> 

<PURPOSE><tailoring/ xdevelop/ >< /PURPOSE> 
<RECIPIENT><oiirs/ >< / RECIPIENT^ 
<RETENTION><stated-p\irpose/ ></RETBNnON> 

<DATA-GROUP> 
<DATA ref="#dynaniic.cookies''> 
<CATEGORIES><state/></CATEGORIES> 

</DATA> 

< /DATA ref="#dynamic.miscdata''> 
<CATEGORIES><preference/ ></ CATEGORIES> 

</DATA> 
</DATA-GROUP> 
</^ATEMENT> 
</POLICY> 
</POLICIES> 

For information about policies reference is made to [2, 3]. 

In an embodiment of the invention, once the user agent 100 receives the 
relevant requested privacy poUcy file it may display tiie policy on a user 
inteifece, e.g. a screen, of the user equipment 300. The user can Il.en survey 
and read the poUcy. In addition, the user agent 100 displays a question, e.g. m 
a pop-up window, on the screen of the equipment 300, urging the user to 
accept or reject the presented privacy policy. The user can then select accept 
(reject) the poUcy and that cookies discussed in the poHcy is set on the user's 
user equipment 300 by cUcking on the accept (reject) button of the pop-up 
window, by pressing a key of a keyboard associated with the user equipment 
300, etc. Based on this user input, the user agent 100 generates a cookie 
poUcy receipt, which is discussed in more detail below. 
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In another embodiment of the invmtion, fee user has specified user 
preferences, a document speci^itog a set of rules of managing privacy data, 
including cookies, which the user has accepted. The user preferences may be 
stored in a machine-readable format called A P3P Preference EKchange 
Language (APPEL) specifically designed for this purpose, -me preferences 
define the privacy settings of the user, e.g. by specifjtog under what 
conditions cookies may be set on his/her user equipment 300. The user agent 
100 then preferably has, or has access to, an administration tool so that the 
user can enter his/her privacy settings. In a typical implementation, the user 
agent 100 may have access to default user preferences that include the default 
privacy settings before the user actually starts using the user agent 100. The 
defeult preference is then preferably personalized duri.^ usage. Thus, the 
user agent learns- while the user equipment is being used, e.g. by presentmg 
questions to a user with a "remember this decision' check bo^ TWs usually 
works like: 

1. The user tries to do something, e.g. filling in his address on a re^stration 
form on a Web site. 

2 The user agent 100, or some program in the user equipment 300, asks a 
question ("Do you want to fill in address information?"), followed by a check 
box, indicating "remember this decision". 

3. If the check box is checked, the decision is stored, i.e. the user preferences 
are updated accordingly. 

During usage the preferences wiU become more and more personalized based 
on the user's earUer decisions regarding managing privacy information and 

cookies. 

,„ this embodiment, the user agent 100 is implemented to compare the 
received privacy poHcy with the user preferences. Based on this companson. 
Le. whether the privacy poUcy ftdfllls or matches the user preferences, a 
cookie policy receipt is generated similar to above. 
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■me policy r«=eipt. thus, specifies whether the user accepts or rejects the 
privacy poUcy ar«l that a cookie, associated wi& the resource, xs set. The 
Lipt is, thus, generated based directly (using a user input, or md^recOy 
(through a conxparison between the privacy poUoy and user pr^ere«=es, on 
the user's dedsion. The genet^ted poUcy «ceiPt ^ then transmitted firom the 
u.er agent 100 to the content previder 200 that is to provide the resource and 
set coolde. The receipt could be transmitted as a dedicated message to the 
content p«>vider 200 or included in one of the messages of the P3P ag«ement 
signaling between the user agent 100 and the content provider 200. to a 
pSened embodiment, the poUcy receipt is included in the HTTP header of toe 
resource get or fetch message 440 transmitted from the user agent 100 to the 
content provider 200. An e^onple of such a receipt including HTTP header of 
a get message is as follows: 

GET / index.php HTTP/ 1 . 1 
HOST: www.werespectyou.com 
P3P: cookie-receipt-ok 

in the example above, the user has, directly or indirectly, accepted the privacy 
poUcy and that a cookie to be set. The corresponding HTTP header the user 
rejects cookie setting on his/her user equipment 300 is: 

GEn* /index.php HTTP/ 1. 1 
HOST: www.werespectyou.com 
P3P: cookie-receipt-nok 

„ tt>e user accepts the (cookie, privacy policy and that a coolde is set, to 
addition to transmitting a positive poUpy rec«pt, .he user agent 100 r^U^ 
pmvides any cookies associated with .he requesting resource and ahea^ 
Lred on the user e<^ipment 300. Such a cookie has already "-^^ 
during an earUer r«^est of &e same resource (i.e. from the same U^-^^"- 
the content provider 200 receives toe receipt, e.g. in toe header of toe^ 
resource message, it provides toe resource 450 to toe user e<p.pment 300 
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(possible through the user agent 100). In addition it sets a cookie, or updates 
(resets) a replayed cookie. 

If however, the user does not accept the policy and that a cookie is sent, no 
stored resource-associated cookies are preferably replayed. In addition, the 
user agent 100 preferably removes any such stored resource-associated 
cookies from the user equipment 300. The user agent 100 also transmits the 
(negative) cookie receipt to the content provider 200, which is, thus, informed 
that the user does not accept the privacy poHcy or that cookies should be set. 
The content provider 200 can now provide the requested resource, but m a 
cookie-less version. In some appUcations, the resource might be a non-optxmal 
version of the usual cookie-associated resource, with limited functions and 
depersonali^d appearance. It could also be possible that the resource cannot 
be provided if a cookie is not used. In such a case, the content provider 200 
preferably transmits a message informing the user agent 100 and user 
accordingly. If the content provider 200 fraudulently tries to set a cookie, 
although the cookie receipt specifies that the user rejects any cookie settmg, 
the user agent 100 is preferably implemented to ignore any such received 
(favilty) set-cookie command. 

Fig 2 illustrates a block diagram of an embodiment of a user agent 100 
according to the present invention. The user agent 100 comprises an input 
and output (I/O) unit 110 for managing communication with associated user 
equipment and a content pn,vider. A message generator 120 of the user agent 
100 generates messages transmitted to the content provider, e.g. the get 
reference file, get policy file and get resource messages transmitted by the I/O 
unit 110 to the content provider during a P3P agreement procedure. A cookie 
receipt generator 125 is implemented in the user agent 100, e.g. in the 
message generator 120 or connected or associated thereto. In the embodmient 
of user agent 100 of Fig. 2, the receipt generator 125 composes the cookie 
privacy receipt based on a user-input signal provided from the I/O umt 110. 
Once composed, the receipt is provided to the message generator 120 and 
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i^luded in a message, preferably tl!e HTTP header of the get resource 
message, pn>vided to the I/O unit UO and forwarded to the content provider. 

When the I/O unit 110 receives a cooWe or privacy police from a contort 
provider it presents the privacy poUcy to a user. In an embodim«rt of the 
invention, the user agent 100 is equipped with a viewer (not Ulustrated) 
adapted for presentir^ policies to users. Altemadvefer, or in addition, th« user 
agent 100 can forward the poUcy to another viewer implemented m the 
associated user equipment, e.g. using a viewer of the Web brow«=r. The viewer 
presents the policy on a user interface, e.g. a screen, of the user equipment. In 
addition, the viewer also px^erably urges the user to accept or reject the 
privacy poHcy, e.g. by cUcldng on a button of a pop-up window, entenng data 
(for «mmple, Y(es) or N(o)) using a keyboard. The user-input signal is theri 
pnmded to the I/O unit 110 of the user agent 100, which forwards the signal 
to the cookie receipt generator 125. The generator 125 then composes U« 
receipt based on this input signal. 

A security operation or authenticating unit 130 may optionally be provided in 
the user agent 100 for authenticating or signing the cookie receipt, allowmg 
to content provider to identify from whom the receipt is derived Tlhe 
authenticating unit 130 may append an autiientication tag to the receipt. The 
tag could be a digital signature added to the receipt using a private signmg 
key 135 of an asymmetric key pair. The associated public verification key 
together with a certificate on the pubUc key is stored at a trusted party. Also 
message authentication, e.g. using symmetric keys 135, may be used to 
authenticate and identify the origin of the cookie receipt. A hash fanction 
value of ti.e request resource message, or a portion thereof, possibly also 
including additional data, e.g. UFL of the resource, tire present date, cmald be 
used for signing purposes. 

If a,e user rejects the poHcy and does not want any cookies to be set^ the 
(negative) input signal is also preferably forwarded from tire I/O umt 110 to a 
cooL processor 140 of tiie user agent 100. This cookie processor 140 is 
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implemented for deleting any cookies'Lready stored on the user equipment 
and which are associated with the requested resource. Such cookies can 
originate firom an earHer request of the resource and were, tlius, set dunng 
such an earner resource request procedure. It may be possible that the user 
equipment did not have a user agent 100 according to the invention at this 
earUer request procedure and that the user then did not have an opportumty 
to view the policy and transmit a negative cookie receipt to the content 
provider. Alternatively, the privacy poUcy of the resource might have changed 
ftx,m a policy that the user accepted at the earUer request to a new policy that 
the user does not want to accept. In addition, the user's point of view 
regarding setting cookies could have changed between the two occasions. 
Instead of deleting any stored cookies, the cookie processor 140 could 
generate a cookie delete signal that is transmitted to some cookie managmg 
program (e.g. the Web browser) of the user equipment, which then deletes the 
relevant cookie(s) based on the delete signal. If a negative cookie receipt, the 
I/O unit 1 10 preferably also ignores a set-cookie command from a (fraudulent) 
content provider. 

Fig 3 iUustratas a block di^am of another embodin»nt of a user agmt 100 
according to the invention. The user agent 100 of Fig. 3 includes a comparison 
vmit 160 that is adapted for comparing a (cookie) privacy poUcy recenred from 
the I/O unit 110 vrith user preferences 150. The user preferences 150 could 
be stored on the user equipment and provided to the comparison umt 150 
throu^ the I/O unit 110. Alternatively, the user preferences 150 are stored m 
comiection with toe user agent 100, e.g. together vrith the user agent 100 m a 
pr^, or associated thereto. The comparison unit 160 compares the pnvacy 
poUcy with the preferences 150 and investigates whether the poHcy fulfills or 
matches the user preferences 150. Based on this comparison, the companson 
unit 160 generates and transmits a comparison signal t» the cookie receipt 
generator 125. The generator 125 then generates the receipt in response to 
this received signal and provides the cookie receipt to the message generator 
120. Hie receipt is preferably included in the HTTP header of the get resource 
message generated by the message generator 120 and provided to the I/O unit 
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110, possibly after being signed by the authentication unit 130, for 
transmission to the content provider. Also an optional cookie processor 140 
may be implemented in the user agent 100 for deleting stored cookies in case 
of negative cookie receipts, similar to the discussion above with reference to 
Fig. 2. The means of the user agent 100 in Figs. 2 and 3, i.e. the I/O unit 110, 
message generator 120, cookie receipt generator 125, authenticating unit 130, 
cookie processor 140 and comparison unit 160, can be implemented in 
software, in hardware or as a combination of software and hardware. 

Also a user agent being essentially a combination of the functionalities of the 
user agent of F^. 2 and Fig. 3, respectively, is possible. In such a user agent, 
a comparison unit compares the received privacy poUcy with user preferences. 
If the policy fulfills the preferences, a positive comparison signal is transmitted 
to the generator that generates the (positive) cookie receipt. However, if the 
poUcy does not fulfill the user preferences, the poUcy is displayed on tiie user 
output interface (screen). The user agent, viewer portion of user agent, or 
external viewer, could present the complete privacy policy for the user or coiald 
be implemented for presenting only those portions of the poUcy that does not 
fulfill the user preferences. In addition, the viewer urges the user to input 
(click button or push key(s)) whether he/she accepts the poUcy. The I/O unit 
then forwards titie user-input signal to the generator tiiat generates the cookie 
receipt in response to this signal. Thus, in this embodiment the user gets an 
opporhmity to accept a poHcy that actually does not fulfill his/her preferences. 
This may be advantageous if the user in some appUcations can consider 
accepting poHces that he/she usuaUy does not accept. 

The user agent could also be implemented for performing the comparison 
functionaUly of Fig. 3 or the display functionaliiy of Fig, 2. The user could 
then specify for the user agent which operation mode it presently is to use. 

in a basic embodiment of the invention, the cookie receipt generally is as 
follows: 
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P3P: cookie-receipt-ok for a positive cookie receipt 

P3P: cookie-receipt-nok for a negative cookie receipt 

It may, however, be possible to use a more precise division in receipts that is 
based on one hand whether the user accepts the poHcy and on the other how 
the user accepts /rejects the poUcy. Table 1 below summaries the four possible 
cookie receipts and there consequences. 

Table 1 



Cookie receipt 


Meaning 


Action by user agent 


Action by content 
provider 


P3P: cookie- 
receipt-user-ok 

P3P: cookie- 


Policy is presented for 
user, user accepts policy. 

Poliqy fulfills user 
preferences. 


Replay of stored cookies 


Send resource and set 
cookie. 


P3P: cookie- 
receipt-user-nok 

P3P: cookie- 
receipt-prefs-nok 


Policy is presented for 
user, user rejects policy. 

Policy does not fulfill 
user preferences. 


Remove stored cookies, 
ignore set cookie. 


No cookies should be 
set. Provide cookie- 
less resource. 
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If the receipt is positive, the user agent, in addition to transmitting the 
cookie receipt and resource get message, should replay (provide) any cookies 
stored on the user equipment and being associated with the requested 
resource. The content provider should, once the positive receipt is received, 
provide the requested resource and set any cookies. In the case of positive 
receipt based on a comparison, the user has actually not read the privacy 
policy but (indirectly) accepts it through the user agent. In such a case, the 
poUcy can optionally be presented on the user equipment so that the user 
can read it in clear text. 

If the receipt is negative the user agent, in addition to transmitting the 
cookie receipt and resource get message, coiild remove any cookies stored on 
the user eqxaipment and being associated with the requested resource. The 
content provider should not, once the negative receipt is received, set any 
cookies but provide a cookie-less version (if available) of the resource to the 
user equipment. In addition, a note can be presented to the user (on the 
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user equipment) indicating that since the user refused cookies, the 
service/ resource will not function fully or at all. 

The user agent can be implemented in software, in hardware or a combination 
of software and hardware. For example implemented as software in a Web 
browser appUcation, or associated thereto, in the user equipment or provided 
as a plug-in to the Web browser. 

Fig. 4 illustrates an embodiment of user equipment 300 with access to a user 
agent 100 according to the present invention. In this embodiment the user 
equipment is illustrated as a computer 300, including a user output interface, 
i.e. screen 310 for displaying a privacy poUcy, a user input interface, i.e. 
keyboard 320, and a hard disk. In Fig. 4, the user agent 100 is implemented 
in a proxy server 340 located elsewhere, but directly or indirectly connected or 
associated with the computer 300. In Fig. 4, when a poHcy is accepted by the 
user, e.g. by cUcking on an accept button or through a comparison to user 
preferences, a cookie associated with the requested resource is set (provided) 
by the content provider and stored in a memory 330 of the computer 300. Also 
the user preferences may be stored on the computer 300. However, it might be 
advantageous to store user preferences in connection to the user agent 100, 
i.e. on the proxy server 340. This server 340 covdd be managed by a third 
party, which may hold preferences of many users, hi such a case, the 
preferences could be provided in a database in the proxy server 340 or 
associated thereto. One user agent 100 could then manage P3P agreement 
procedures with content providers on behalf of many users. The user agent 
100 could instead be implemented in the computer 300, e.g. in the hard disk 
of the computer 300. 

Fig. 5 illustrates another embodiment of user equipment 300 provided xvith 
user agent 100 according to the present invention. The user equipment is 
represented as a mobile xmit or station 300, including a mobile telephone, 
PDA (Personal Digital Assistant) or other mobile user equipment. The mobile 
unit 300 general^ comprises a screen 310 for presenting a received privacy 
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poUcy, user input interface 320, e.g. a keyboard, and a network subscriber 
identity module (SIM) 350 issued by a (network) service provider or operator, 
e.g. standard SIM cards used in Global System for Mobile CommunicatLons 
(GSM) mobile telephones. Universal Mobile Telecommunications System 
(UMTS) SIM (USIM), Wireless Identity Module (WIM), Internet Multimedia 
Services Identity Module (ISIM) cards and Universal Integrated Circuit Card 
(UICC) modules. In Fig. 5 the user agent 100 is implemented in the mobUe 
unit 100. However, it may possible to provide the user agent 100 in a proxy 
server as was discussed above. In such a case, the proxy could be managed 
by the (network) service provider issuing the SIM 350, such as a network 
operator with which the user has a service agreement (subscription). The user 
preferences are preferably stored in the proxy server if the server holds the 
user agent 100. Otherwise the user preferences is preferably stored m the 
mobUe unit 300. For thin user equipment, e.g. mobile units, with limited 
storage capability compared to computers, the preferences could be stored m 
some proprietary, optimized binary code. The mobile unit 300 also includes a 
memory 330 for storing any (accepted) cookies. 

If the cookie receipt is to be authenticated or signed before sending it from the 
mobile unit 300 to the content provider, a key 355 associated with the SIM 
350 could be reused for these signing purposes. Also an Authentication and 
Key Agreement (AKA) module provided on the SIM and comprising algorithms, 
e.g. the GSM A3/A8 AKA algorithms, for operating on data sent/received by 
the mobile unit 300 can be employed for authenticating, with the key 355, the 
cookie receipt. Alternatively, a dedicated authentication unit could be used 
instead of the AKA module. 

The user agent 100 could be provided as sofbvare, hardware, or a combination 
thereof in the mobile unit 300. Furthermore, the user agent 100 can be 
implemented in an appHcation environment provided by an appHcation toolkit 
associated witlx the SIM 350, e.g. SIM Application Toolkit (SAT) or UMTS SAT 
(USAT) The SIM 350 may be pre-manufactured with the user agent 100 or the 
user agent 100 may be securely (preferably authenticated and encrypted) 
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downloaded fixjm a network node, associated with the network operator or 
service provider issvung the SIM 350. Commands, associated with the SIM - 
mobile unit interface, are used for downloading and implementing the user 
agent 100 in the application environment. The same commands can also be 
used for subsequently receive and implement upgrades of the user agent 100. 

Fig. 6 illustrates a block diagram of an embodiment of a content or service 
provider 200 according to the present invention. The content provider 200 
comprises an input and output (I/O) vinit 210 managing communication witii 
a user agent and especially adapted for receiving get reference file, get poUcy 
file, get resource (with cookie receipt) messages and for transmitting a 
reference ffle, a poUcy file and a resoiarce to an user agent/user equipment. 
The content provider 200 preferably includes a predefined storage location for 
its reference ffle(s) 220. This could be the well-known location discussed in the 
foregoing. However, it coxald be possible to use anotiier storage location and 
then provide the URL of the reference file to a requesting user agent included 
in a HTTP header or tiirough a HTML/XHTML link tag. A database processor 
240 is provided in the content provider 200 for providing a requested privacy 
policy file stored in a memory location 250. The poUcy file(s) 250 could be 
stored in the content provider 200 or stored elsewhere, but preferably 
accessible for the processor 240. The database processor 240 preferably also 
has access to a storage location of ttie resovirces and services 260 tiiat tiie 
content provider offers and provides. This resource storage 260 could be a 
database of the Web pages, video, pictiire, and audio files tiiat the content 
provider 200 transmits to a requesting user agent. The resource storage 260 
could be provided in the content provider 200, associated tiiereto or provided 
fi-om some other party on behalf of tiie content provider 200. The resource 
storage 260 preferably includes at least two versions of a resource, witii one 
fully functional cookie-associated version and one, possible not optimal, 
version that is not associated with cookies. 



When the I/O unit 210 receives a get resource message with a positive cool 
receipt, the processor 240 provides tiie cookie-associated resource version 
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the I/O unit 210 that forwards it to the requesting user agent (user 
equipment). In addition, a cookie engine or generator 230 sets a cookie on the 
user equipment, by providing a set-cookie command or message to the I/O 
vmit 210 for forwarding it to the user equipment. However, if the receipt is a 
negative cookie receipt, i.e. specifying tiiat the requesting user does not accept 
that cookies are set, the cookie generator 230 should not provide any set- 
cookie command. In addition, the cooMe-less version of the resource, if 
available, should be provided to the user eqviipment. Optionally, the content 
provider 200 could transmit a note to the user equipment indicating that since 
cookies were rejected, the requested resource cannot be provided or only a less 
than optimal version of the resource can be provided. The means of the 
content provider 200 in Fig. 6, i.e. the I/O unit 210, cookie generator 230 and 
database processor 240 can be implemented in software, in hardware or as a 
combination of software and hardware. 

The content provider 200 could be a computer or server hosting a Web site of 
a company, e.g. a company offering services and resources, selling goods, 
presenting information, such as text, pictures, video and audio, on its Web 
site. A content provider 200 could also be any origin server managing or 
hosting a Web site or home page of a company, association, user etc., that 
sets cookies. 

Fig. 7 is a flow diagram summarizing the cookie management method 
accoixiing to the present invention. In step SI, a user agent associated with 
user equipment receives a privacy poUcy from a content provider. The poUcy 
includes the content provider's poHcy regarding usage of cookies and privacy 
data in connection with a cookie-associated resource or service that the user 
has requested, e.g. during a P3P agreement procedure. The user agent 
generates a cookie receipt in step S2. This receipt specifies whether the user 
associated with the user agent accepts the policy and, thus, accepts that a 
cookie is set. This cookie receipt is transmitted to the content provider in step 
S3. The method then ends. 
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Fig. 8 is a flow diagram illustrating the cookie-receipt-generating step of Fig. 7 
in more detail. Starting with step Sll, here it is concluded whether the user 
agent is adapted for comparing poUces with user preferences. A user agent 
could have functionality for generating the receipt based on a comparison, not 
based on a comparison, or there may be a user choice between generating the 
receipt based on a comparison or not on a comparison. If it is concluded that 
a comparison should be performed, the privacy policy is compared to the user 
preferences in step S12. In step S13 it is checked whether the poUcy fulfills or 
matches the user preferences. If the policy fulfiUs the preferences, a positive 
cookie receipt is generated in step SI 8. However, if the poHcy does not fulfill 
the preferences, a negative cookie receipt could be generated in step S19. 
Optionally, if the policy does not match the preferences the policy, the user 
agent could check if the poUcy should be displayed in step S14. If yes, the 
privacy policy is presented on the user equipment, such as on a screen, for the 
user in step S15. The user is also Txrged to accept or reject the poUcy by 
clicking on a button or entering some information (e.g. Y or N). In step. S16, 
the user agent receives the user-input signal and the signal is investigated in 
step S17 to conclude if the user accepts or rejects the poUcy. If accepted, a 
positive cookie receipt is generated in step S18 but if rejected, a negative 
receipt is generated in step S19. If it is concluded in step Sll that the user 
agent does not have functionalities for performing a comparison or the user 
has specified that no comparison should be performed, the privacy poUcy is 
displayed in step S15. Thereafter the method follows to step S16, S17 and S18 
or S19, as discussed above. The method then continues to step S3. 

Fig. 9 illustrates an additional step of the cookie managing method of Fig. 7 in 
case of a positive receipt. If a positive receipt is generated, any cookie(s) 
associated with the requested resource and already stored on the user 
equipment is replayed (provided) to the content provider in step S21. The 
method then continues to step S3. 

Fig. 10 illustrates additional steps of the cookie managing method of Fig. 7 in 
case of a negative receipt. If a negative receipt is generated, any cookie(s) 
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associated with the requested resource and already stored on the user 
equipment are preferably removed from the user equipment in step S22. No 
cookies should be replayed and a possible cookie-set command from a content 
provider should be ignored in step S23. The method then continues to step 
S3. 

Fig. 11 illustrates a flow diagram of a method of providing a resource from a 
content provider to requesting user equipment over a network, e.g. Internet, 
according to the present invention. In step S31 the content provider transmits 
a privacy poHcy to a user agent associated with the user equipment. The poUcy 
includes the content provider's poUcy regarding usage of cookies and privacy 
data in connection with the cookie-associated resource or service that the user 
has requested, e.g. during a P3P agreement procedure. In step S32 the 
content provider receives a cookie receipt specifying whether the user accepts 
the policy and, thus, accepts that cookies are set on his/her user equipment. 
The policy receipt is investigated in step 833. If the poUcy as checked in step 
S33 is positive, the content provider transmits the requested cookie-associated 
resource in step S34. In addition, a cookie is provided or set in step S35. 
However, if the receipt is negative, the content provider could provide an non- 
cookie-associated version, if available, of the resource in step 836. No cookie 
should be set. In addition, the content provider may transmit a note, 
specifying that since the user rejected that a cookie is set, no resource or only 
a non-optimal version thereof can be provided. The method then ends. 

It wiU be understood a person skilled in the art that various modifications 
and changes may be made to the present invention without departure from 
the scope thereof, which is defined by the appended claims. 
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CLAIMS 

1 . A method of managing cookies in a data processing system (1) comprising 
a user agent (100) requesting a resource associated with a cookie from a 
content provider (200), said method comprising the step of said user agent 
(100) transmitting, in response to reception of a privacy poUcy associated with 
said cookie, a cookie-poUcy receipt to said content provider (200), said cookie- 
poUcy receipt specifying whether a user associated with said user agent (100) 
accepts that said content provider (200) provides said cookie to user 
equipment (300) associated with said user agent (200). 

2. The method according to claim 1, further comprisii^ the step of including 
said cookie-poHcy receipt in a resource fetch message transmitted from said 
user agent (100) to said content provider (200). 

3. The method according to claim 1 , further comprising the steps of: 

said user agent (100) comparing said received privacy poHcy with 
user preference, said user preference specifying a cookie privacy poUcy 

accepted by said user; and 

- said user agent (100) generating said cookie-policy receipt based on 

said comparison. 

4. The method accoixiing to claim 3, wherein, if said received privacy poUcy 
does not fulfOl said user preference, said method comprising the steps of: 

said user agent (100) presenting said received privacy policy for said 
user on said user equipment (300); and 

said user agent (100) generating, in response to a user-input signal, 

said cookie-policy receipt. 

5. The method according to claim 1, further comprising the steps of: 

said user agent.(lOO) presenting said received privacy policy for said 
user on said user equipment (300); and 

said user agent (100) generating, in response to a user-input signal, 

said cookie-policy receipt. 
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6. The method accoitling to daim 1, further comiprising the step of 
authenticating said cooMe-poUcy receipt >vith an authentication key (135; 355) 
associated with said user s^ent (100). 

7. The method according to claim 1 , wherein, if said cooMe-poUcy receipt is 
specifying that said user does not accept that said content provider (200) 
provides said cookie to said user equipment (300), said method comprising the 
step of removing a stored cookie associated with said requested resource from 
a storage (330) in said user equipment (300). 

8 The method according to claim 1, wherein, if said cookie-poUcy receipt is 
specifying that said user does not accept that said content provider (200) 
provides said cookie to said user equipment (300), said method comprising the 
step of ignoring a cookie request command transmitted from said content 
provider (200) to said user agent (100). 

9. A method of providing cookies in a data processing system (1) comprising 
a user agent (100) requesting a resource associated with a cookie from a 
content provider (200), said method comprising the steps of: 

- transmitting a privacy policy associated with said cookie to said user 

agent (100); and 

. said content provider (200) providing, in response to reception of a 
cookie-policy receipt from said user agent (100), said cookie to user equipment 
(300) associated with said user agent (100) if said cookie-poUcy receipt is 
specifying that a user associated with said user agent (100) accepts that said 
content provider (200) provides said cookie to said user equipment (300). 

10. The method according to claim 9. wherein said cookie-poUcy receipt is 
received in a resource fetch message transmitted from said user agent (100). 

1 1 The method according to claim 9, wherein, if said cookie-poHcy receipt is 
specifying that said user accepts that said content provider (200) provides said 
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cookie to said user equipment (300), said method comprising the step of 
providing said cookie-associated resource. 

12. A user agent (100) provided in a data processing ^stem (1) for requesting 
a resource associated with a cookie from a content provider (200), said user 
agent (100) comprising means for transmitting (110), in response to reception 
of a privacy poHcy associated with said cookie, a cookie-poUcy receipt to said 
content provider (200), said cookie-poUcy receipt specifying whether a user 
associated with said user agent (100) accepts that said content provider (200) 
provides said cookie to user equipment (300) associated with said user agent 
(100). 

13. The user agent according to claim 12, wherein said transmitting means 
(110) being adapted for including said cookie-poUcy receipt in a resource fetch 
message transmitted to said content provider (200) . 

14. The user agent according to claim 12, further comprising: 

- means for comparing (160) said received privacy poUcy with user 
preference, said user preference specifying a cookie privacy poUcy accepted by 
said user; and 

- means for generating (125). connected to said comparing means 
(160), said cookie-poUcy receipt based on said comparison. 

15. The user agent according to claim 14, furiiier comprising means for 
presenting (110) said received privacy poUcy for said user on said user 
equipment (300) if said privacy poUcy does not fialfill said user preference, said 
generating means (125) being adapted for generating said cookie-poUcy receipt 
in response to a user input signal. 

16. The user agent according to claim 12, further comprising: 

- means for presenting (1 10) said received privacy poUcy for said user 
on said user equipment (300); and 
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means for generating (125) said cookie-poUcy receipt in response to 
a user input signal. 

17. The user agent according to claim 12, further comprising means for 
authenticating (130) said cookie-policy receipt with an authentication key 
(135; 355) associated with said user agent (100). 

18. The user agent according to claim 12, further comprising means for 
removing (140) a stored cookie associated with said requested resource from a 
storage (330) in said user equipment (300) if said cookie-poHcy receipt is 
specifying that said user does not accept that said content provider (200) 
provides said cookie to said user equipment (300). 

19. A content provider (200) adapted for providing a requested resource 
associated with a cookie to a user agent (100) in a data processing system (1), 
said content provider (200) comprises: 

means for transmitting (2 10), in response to a resource request from 
said user agent (100), a privacy poUcy associated with said cookie to said user 
agent (100); and 

means for providing (230), in response to a cookie-poUcy receipt 
transmitted from said user agent (100), said cookie to user equipment (300) 
associated with said user agent (100), said cookie providing means (230) being 
adapted for providing said cookie if said cookie-policy receipt is specifying that 
a user associated with said user agent (100) accepts that said content provider 
(200) provides said cookie to said user equipment (300). 

20. The content provider according to claim 19, wherein said cookie-poHcy 
receipt is received in a resource fetch message transmitted from said user 
agent (100). 

21. The content provider according to claim 19, further comprising means for 
providing (240) said cookie-associated resource if said cookie-policy receipt is 
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specifying that said user accepts that said content provider (200) provides said 
cookie to said user equipment (300). 

22. A system for managing cookies in a data processing system (1) 
comprising a user agent (100) requesting a resource associated with a cookie 
from a content provider (200), said system comprising: 

means for providing (240) a privacy policy associated with said 

cookie; 

means for transmitting (110) a cookie-policy receipt, said receipt 
transmitting means (110) being responsive to said privacy policy; and 

means for providing (230) said cookie in response to said cookie- 
policy receipt specifying that a user associated with said user agent (100) 
accepts that said content provider provides (200) said cookie to user 
equipment (300) associated with said user agent (100). 
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